2 matches found
Remote Code Execution (RCE)
git-stats is vulnerable to remote code execution (RCE). The vulnerability exists through the unsanitized values of options.start and options.end used in an exec call in GitStats.prototype.authors...
Code Injection in ionicabizau/git-stats
Overview: git-stats is a JS package for local git statistics, including GitHub-like contributions calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon character in any of the options.start or options.end values...